Be careful the next time you try to visit a website by typing the URL into the address bar of your browser – you might land on a website hosting ads for scam products, or worse, a website designed for phishing or hosting malware.

“Typosquatting” is when a crook or scammer registers misspelled domain names (think faceboook or goggle) in the hope of stealing traffic from those legitimate sites for nefarious purposes.

A few years ago, we conducted an experiment to find out how widespread and dangerous typosquatting is, surveying all possible one-character typing errors for six .com domains: Facebook, Google, Twitter, Microsoft, Apple and, for comparison, Sophos.

We discovered that 1500 of these misspelled domains were registered, 3% of which we classified as related to cybercrime.

Unfortunately, typosquatting goes way beyond those six companies and websites on the .com top level domain (TLD) that we studied.

As of March 2016, there are more than 1200 TLDs assigned by the Internet Corporation for Assigned Names and Numbers (ICANN) – the non-profit organization responsible for managing the top-level domain name system and Internet Protocol (IP) allocation – from .TV and .biz to .XXX and .sucks.

And there are 251 country code TLDs, representing nearly every country and overseas dependent territory on Earth.

Researchers from the cybersecurity company Endgame recently stumbled across typosquatters taking advantage of the country code for Oman, .om, to catch people who mistype netflix.com as “netflix.om.”

The mistyped address led to a page with a pop-up warning users to update their Flash player, a tactic used by cybercriminals to trick people into downloading malware.

According to Endgame, “the vast majority of .om registered domains are malicious,” and they are receiving a “non-trivial amount of traffic.”

Equally concerning, says Endgame, is that many popular brands have not registered .om domains, and therefore are vulnerable to typosquatting.

Endgame found that a handful of enterprising scammers have taken advantage of the fact that several websites are selling .om domains, with only a legitimate email address needed for identification.
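
For defenders, the one-character survey and the .om slip described above both reduce to a check that can run over proxy or DNS logs. The Python below is an added example, not code from the original article or from Endgame; the function names, brand list and sample hostnames are constructed for illustration, and a "one-character error" is assumed to mean an omission, substitution or insertion.

```python
import string

ALPHABET = string.ascii_lowercase + string.digits + "-"

def one_char_typos(label):
    """Every label one omission, substitution or insertion away from `label`."""
    out = set()
    for i in range(len(label) + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])          # insertion
        if i < len(label):
            out.add(label[:i] + label[i + 1:])          # omission
            for c in ALPHABET:
                out.add(label[:i] + c + label[i + 1:])  # substitution
    out.discard(label)
    # Drop strings that are not valid DNS labels (empty, or hyphen at either end).
    return {t for t in out if t and t[0] != "-" and t[-1] != "-"}

# Dropping one letter of "com" gives om, cm and co; .om is the case in the article.
TLD_SLIPS = {"com"[:i] + "com"[i + 1:] for i in range(3)}

def flag_typosquats(observed, brands):
    """Return (host, brand, kind) for hosts that look like a typo of brand.com."""
    typo_index = {t: b for b in sorted(brands) for t in one_char_typos(b)}
    hits = []
    for host in observed:
        labels = host.lower().rstrip(".").split(".")
        if len(labels) < 2:
            continue
        # Assumption: the last two labels are the registered name and the TLD.
        name, tld = labels[-2], labels[-1]
        if name in brands and tld in TLD_SLIPS:
            hits.append((host, name, "tld"))
        elif tld == "com" and name not in brands and name in typo_index:
            hits.append((host, typo_index[name], "name"))
    return hits

# Constructed sample of hostnames, as they might appear in proxy or DNS logs.
SAMPLE = ["www.netflix.om", "faceboook.com", "goggle.com",
          "google.com", "www.sophos.com", "example.org"]
BRANDS = {"facebook", "google", "netflix", "sophos"}

if __name__ == "__main__":
    for host, brand, kind in flag_typosquats(SAMPLE, BRANDS):
        print(f"{host}: possible typo of {brand}.com ({kind})")
```

A hit is a candidate for review, not a verdict: the check says only that a hostname sits one keystroke away from a protected name.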

Typosquatting is costly for businesses – according to the Coalition Against Domain Name Abuse (CADNA), trademark owners who want to pay to block registration of their names across hundreds of new gTLDs could pay as much as $330,000 to protect their brands from cybersquatters.

I’ve seen a TV advert where a popular ‘bank’ encourages people (particularly elderly people) to ‘mis-spell/type’ something they are searching for, as it may give them different, positive results. I was a little disgusted that they encourage others ‘not’ to spell correctly, let alone increase their threat levels… I mean, a bank! Funnily enough the same bank that I advised NOT to send me SMS messages asking me to reply, but instead send me an SMS to advise me to check something in my online banking app (a secure environment) that requires my attention.

A couple of years ago SOHPOS COM was owned by a cybersquatter, who was looking for payment for an undisclosed email vulnerability as his normal modus operandi. I remember showing Chet one of the ‘ransom’ letters.